CISOOnline

Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole was discovered

Start by putting together a software bill of materials for every app in your environment, Enderle advised. “Without it, you’re just guessing what’s under the hood. You need a live, automated inventory, using standards like CycloneDX, so the second a bug like this [ActiveMQ] hits, you aren’t scanning. You already know exactly which apps are carrying the poisoned ingredient.”
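The lookup Enderle describes, as an added example that is not from the article or from Enderle: given a CycloneDX JSON SBOM per application, report which apps carry a component under a given package URL prefix at a version older than the patched release. The application names, SBOM contents and the `fixed_version` threshold are constructed placeholders; the real fixed release comes from the vendor advisory.

```python
import json
import re

# Constructed CycloneDX 1.5 JSON SBOMs, one per application (sample data, not
# from the article). In practice these come from a build pipeline or SBOM store.
SBOM_JSON = {
    "billing-service": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
        "components": [
            {"type": "library", "name": "activemq-broker", "version": "5.15.9",
             "purl": "pkg:maven/org.apache.activemq/activemq-broker@5.15.9?type=jar"},
            {"type": "framework", "name": "spring-boot", "version": "3.1.4",
             "purl": "pkg:maven/org.springframework.boot/spring-boot@3.1.4",
             # CycloneDX allows nested components; a flat scan would miss this one
             "components": [{"type": "library", "name": "activemq-client",
                 "version": "5.15.9",
                 "purl": "pkg:maven/org.apache.activemq/activemq-client@5.15.9"}]}]}),
    "reporting-ui": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
        "components": [{"type": "library", "name": "react", "version": "18.2.0",
                        "purl": "pkg:npm/react@18.2.0"}]}),
    "ops-dashboard": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
        "components": [{"type": "library", "name": "activemq-broker", "version": "5.18.3",
                        "purl": "pkg:maven/org.apache.activemq/activemq-broker@5.18.3"}]}),
}

def walk_components(components):
    """Yield every component, descending into nested 'components' lists."""
    for comp in components or []:
        yield comp
        yield from walk_components(comp.get("components"))

def version_key(version):
    """Comparable tuple: numeric dotted parts padded to 3; '-rc1'-style tails ignored."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version.split("-")[0]))
    return parts + (0,) * (3 - len(parts))

def affected_apps(sbom_json, purl_prefix, fixed_version):
    """Sorted (app, purl) pairs whose purl starts with purl_prefix (purl without the
    '@version') and whose version is older than fixed_version (placeholder here)."""
    hits = []
    for app, doc in sbom_json.items():
        for comp in walk_components(json.loads(doc).get("components")):
            purl = comp.get("purl", "")
            base, _, tail = purl.partition("@")
            version = tail.split("?", 1)[0].split("#", 1)[0]  # drop qualifiers/subpath
            if base.startswith(purl_prefix) and version and \
                    version_key(version) < version_key(fixed_version):
                hits.append((app, purl))
    return sorted(hits)
```

Run against a directory of real SBOMs by replacing `SBOM_JSON` with the file contents keyed by application name; the nested-component case is the one ad hoc grep-style scans typically miss.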

Second, he said, auto-patch the small stuff and use automated testing for the big systems. Again, he maintained that if IT is still waiting for a weekend maintenance window or a committee approval to fix a critical flaw, “you’re playing a 2010 game in a 2026 world.”

“Bottom line,” he said: “If you don’t know what’s in your software, and you can’t fix it faster than an LLM can find it, you’re just a target.”